Router
Purpose
A Router object represents a gateway between Networks. A Router with no Firewall connected to it is regarded as a network bridge or a switch/hub. To add restrictions to it, add a Firewall object. A Router must be connected to an administrative network zone, which defines the network zone the administrator needs to be connected to in order to change the Router configuration.
Connections


Object | Connection | Description | Function |
---|---|---|---|
Network | Administration | Tells which network you need to be on in order to perform administration on the Router. | A missing router between Networks indicates that there is no communication between them. |
Network | Connection | Using Connection instead of Administration allows only regular traffic, i.e. Dataflows pass if allowed, but logging in to the Router is not possible. | A missing router between Networks indicates that there is no communication between them. |
Firewall | Firewall Execution | The Firewall object is connected to a Router object to show that the Router has restrictions regarding what communication may traverse it. | Can prevent Forwarding. |
Dataflow | Communication | An association to a Dataflow object indicates that the Router is allowing the Dataflow to travel from one network to another network. | A missing Dataflow association prevents data from passing through the router when the Router is connected to a Firewall. |
IDS | NIDS Execution | Connection to an IDS denotes that the traffic passing through the Router is inspected by an IDS on a network level (NIDS). | A missing IDS will reduce the time needed to attack through unencrypted Dataflows. |
IPS | IPS Execution | A connection to an IPS denotes that the IPS is actively trying to prevent intrusions via all unencrypted Dataflows passing through the Router. | A missing IDS will reduce the time needed to attack through unencrypted Dataflows. |
AccessControl | Authorization | Denotes that there is a login prompt for accessing the Router. | The login prompt is reached from a Network, connected to the Router, with an Administration association. Both root and non-root UserAccount compromise leads to compromise of the Router. A missing AccessControl will result in immediate compromise from the "administration" network. |
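
The connection rules in the table above can be checked against a small model. This is an added example, not code from the modelling tool: the `Router` class, its field names, the `review` helper and the sample networks are all hypothetical, and it assumes that a Network with an Administration association also carries regular traffic.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    name: str
    admin: set = field(default_factory=set)       # Networks with an Administration association
    connected: set = field(default_factory=set)   # Networks with a Connection association
    firewall: bool = False                        # Firewall Execution association present
    dataflows: set = field(default_factory=set)   # Dataflows with a Communication association
    access_control: bool = False                  # Authorization association present

    def attached(self):
        # Assumption: an Administration network also carries regular traffic.
        return self.admin | self.connected

    def forwards(self, src, dst, dataflow):
        """Can `dataflow` travel from network `src` to network `dst` via this Router?"""
        if not {src, dst} <= self.attached():
            return False                   # no Router between the Networks: no communication
        if not self.firewall:
            return True                    # no Firewall: acts as a bridge or switch/hub
        return dataflow in self.dataflows  # Firewall: only associated Dataflows pass

    def admin_access(self, network):
        """What someone on `network` meets when trying to administer the Router."""
        if network not in self.admin:
            return "unreachable"           # Connection only: no logging in to the Router
        return "login prompt" if self.access_control else "immediate compromise"

def review(routers):
    """Return (router, finding) pairs for settings the table flags as weakening."""
    findings = []
    for r in routers:
        if not r.admin:
            findings.append((r.name, "no administrative network zone"))
        if not r.firewall:
            findings.append((r.name, "no Firewall: all traffic is bridged"))
        if r.admin and not r.access_control:
            findings.append((r.name, "no AccessControl on administration network"))
    return findings

# Constructed sample model (all names are hypothetical).
edge = Router("edge", admin={"mgmt"}, connected={"office", "dmz"},
              firewall=True, dataflows={"https-to-dmz"}, access_control=True)
lab = Router("lab", admin={"office"}, connected={"testbed"})
```
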
Attack Steps and Defenses


Attack Step | Description | Leads to |
---|---|---|
Compromise | The attacker has been able to take over the Router and can now control it. | Router: DenialOfService |
DenialOfService | No data can flow through the Router due to a denial of service attack. | Network: DenialOfService |
Forwarding | The attacker is able to add his own rules to the Router. | Network: Compromise |

Defence | Description | Default |
---|---|---|
None | There are no defences associated with the Router object. | n/a |